In-Depth
Could Printers Be Your Biggest Insider Threat?
If you’re only as secure as your weakest link, printers could be your biggest threat.
Let’s start with two basic assertions. First, your security posture is only as strong as its weakest link. Second, the simplest attack vectors are easiest to overlook and unquestionably the most dangerous. If you accept these statements—and we think you will—then printers could quite possibly be your biggest threat.
Printers live immutable and unquestioned on our networks. This correlates to the fact that they are universally viewed as internal-facing, output-only devices. While many may be comfortable with ignoring these devices, such assumptions go against the key objective of every security effort we make: loss prevention of our intellectual property.
While we are reasonably capable of preventing unauthorized internal or external access to customer accounts, source code, formulas, algorithms, processes, and procedures., the security situation can fracture in the course of any sort of legitimate access. Printers further break down this model by producing physical copies, minimizing any permission-based protection we might be afforded, reducing accountability, and providing a low tech (yet ideal) medium for external distribution.
While no security solution is infallible, I am frequently challenged with the simple argument that software products can’t stop insider threats because people can always write things down or capture images with camera phones. However, if we make such theft activities observable, we are doing an effective job as security administrators. Observable theft leads to tips, which, according to the Association of Fraud Examiners, are by far the most successful means of discovering occupational fraud.
How to Hinder the Printer Threat
There are several steps we can take to reduce or even obviate the printer threat.
1. Conduct an audit or survey of your network environment.
The current state of network-based printing systems affords us small footprint machines with quality, high-speed output at a reasonable cost. Consequently, there is little or no resistance to having liberal numbers of shared devices at various points throughout the office. Typically, consideration is given to departmental areas such as human resources that will be printing sensitive employee data, and access must be restricted to approved personnel.
2. Distribute printers at moderately inconvenient locations
The tactic for distributed printers is to keep them at a moderately inconvenient distance, something I call “arm distance printing.” This distance is important because users think twice about printing if they have to get out of a chair and walk to the printer. So, human indolence will naturally reduce some number of jobs sent to the printer, which, as a bonus, lowers your overall printing costs while reducing risk.
Further, users are more conscientious regarding documents sent to a remote printer. I recently had to send my pay stub to the printer, whereupon I bolted to the device to ensure the casual passer-by would not pick up my print job. Proximity is an important factor when considered in terms of users who may be printing sensitive data frequently. A key byproduct of arm-distance printing is to provide physical indicators of suspicious user activity, such as an employee taking an abnormal number of trips to a printer during the business day.
3. Re-examine User Privileges and Disable Web-based Printing
Part of our printing survey must re-examine user privileges. If we have users who can operate in restricted user mode we should do so. Be sure to double-check your group policy printing restrictions. Some configurations may take away the “add printer” button, without necessarily keeping the user from establishing a printer via an application install. Another high-risk area we want disabled is Web-based printing, whereby users can print remotely. With such remote delivery a print job could end up at their home, or even worse, directly on a printer controlled by individuals with criminal intent.
My personal nightmare scenario is an installable application that takes Web-based printing to the next level: FedEx Kinko’s new printing service. To quote their Web site “File, Print FedEx Kinko’s is an online printing tool that lets you print to any of 1,100 FedEx Kinko’s Office and Print Centers across the U.S.” Now that’s a tempting situation; I can anonymously extract proprietary information to anywhere in the U.S. from within my organization, without physical evidence.
4. Utilize Print Monitoring Capabilities
Traditionally, print-monitoring tools are more focused on print utilization as a cost center, though more security-centric vendors are releasing products with such capabilities. I would describe these first generation products as an audit approach that covers who, when, and where (to what device) users are printing. Better products record what files are printed.
Best Practice: Audit Only Print Jobs Containing Sensitive Materials
The established vision for NextSentry products (the company I lead) is to move beyond basic auditing capabilities, providing dynamic analysis of documents to determine if a given print job contains truly sensitive material. From my perspective, there is limited value in logging a list of print jobs and files printed that few people will review in depth.
To create a realistically manageable situation, deploy technology that will generate events for review only when they are known to contain sensitive data. Trending and behavior patterning among such events can surface some truly interesting findings. Imagine the ability to identify employees who have printed the quarterly earnings report prior to its release date, or those who have printed bank account records from a defined watch list. It is only with this level of insight that you can begin to truly understand the threat posed by printers, one of the most under-addressed threats in your organization.